package com.plus.config;


import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import org.springframework.web.multipart.commons.CommonsMultipartResolver;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;

/**
 * @description:文件上传过滤掉脚本文件
 * @author: plus
 * @create: 2023-12-18 11:25
 * @Version 1.0
 **/
@Component
@ConfigurationProperties(prefix = "spring.security.file")
@WebFilter(filterName = "fileFilter", urlPatterns = "/*")
public class FileFilterConfig implements Filter {


    /**
     * 是否启用
     */
    private static boolean enable;
    public void setEnable(boolean enable) {
        this.enable = enable;
    }

    /**
     * 内置安全文件类型
     */
    private static List<String> safefiles;
    public void setSafefiles(List<String> safefiles) {
        this.safefiles = safefiles;
    }


    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
            throws IOException, ServletException {

        if(enable){
            HttpServletRequest httpServletRequest = (HttpServletRequest) arg0;
            CommonsMultipartResolver commonsMultipartResolver = new CommonsMultipartResolver(httpServletRequest.getSession().getServletContext());
            //String uriPath = ((HttpServletRequest)arg0).getRequestURI();
            if (commonsMultipartResolver.isMultipart(httpServletRequest)) {
                MultipartHttpServletRequest multipartRequest = commonsMultipartResolver.resolveMultipart(httpServletRequest);
                Iterator fileNames = multipartRequest.getFileNames();
                while(true) {
                    MultipartFile file;
                    do {
                        if (!fileNames.hasNext()) {
                            arg2.doFilter(multipartRequest, arg1);
                            return;
                        }
                        file = multipartRequest.getFile((String)fileNames.next());
                    } while(file == null);
                    //List<String> list = Arrays.asList(SAFE_FILES);
                    int begin = file.getOriginalFilename().indexOf(".");
                    int last = file.getOriginalFilename().length();
                    String fileTrueExt = file.getOriginalFilename().substring(begin, last);
                    //判断文件后缀是否在安全列表
                    if(!safefiles.stream().filter(d->d.equals(fileTrueExt.toLowerCase())).findFirst().isPresent()){
                        return;
                    }
                }
            } else {
                arg2.doFilter(arg0, arg1);
            }
        }else {
            arg2.doFilter(arg0, arg1);
        }

    }

    @Override
    public void destroy() {
    }
    @Override
    public void init(FilterConfig filterconfig) throws ServletException {
    }
}
